Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Endpoint Security

Office 2013 Gets Macro-Blocking Feature

Microsoft this week announced boosted customer security with a new feature in Office 2013: the ability to block risky macros.

Microsoft this week announced boosted customer security with a new feature in Office 2013: the ability to block risky macros.

The new functionality is Microsoft’s response to the growing trend of macro-abusing malware assaulting users worldwide and is meant to render corporate networks safer from such threats. Enterprise administrators can now block Office 2013 users from running macros in documents that originated from the Internet.

Earlier this year, the Redmond-based tech giant introduced the functionality in Office 2016 to prevent malicious macros from compromising computers in specific scenarios, and now it made it available for more of its customers.

The same as in Office 2016, enterprise admins can enable the option for Word, Excel, and PowerPoint. Control over this feature is available via the respective application’s Group Policy Administrative Templates for Office 2013.

The functionality is meant to work in Office 2013 exactly the same as in Office 2016, Microsoft says. Thus, organizations have the option to selectively scope macro use to a set of trusted workflows, while also being able to block users from enabling macros in scenarios that are considered high risk. Courtesy of a different and stricter notification, users will be able to more easily distinguish between high-risk situations and normal workflow.

The feature is meant to address the issue of risky macros in documents downloaded from websites or cloud storage services such as OneDrive, Google Drive, and Dropbox. Macros in documents received as attachments in emails from outside sources, as well as those opened from file-sharing services are also targeted.

Macros have recently reemerged as a popular malware distribution method after being nearly extinct for almost a decade, when Microsoft decided to turn them off by default in Office. Now, cybercriminals use various social engineering tactics to trick users into enabling macros in malicious documents.

Researchers observed threat groups abusing macros to deliver malware, but this delivery method is mostly used to infect computers with ransomware or banking Trojans. Recently, researchers discovered that attackers create macro-enabled documents and then rename them by changing their extension, so that detection systems wouldn’t block their delivery.

Advertisement. Scroll to continue reading.

Related: Microsoft Blocks Risky Macros in Office 2016

Related: Attackers Disguise Macro Malware by Renaming Files

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Learn how the LOtL threat landscape has evolved, why traditional endpoint hardening methods fall short, and how adaptive, user-aware approaches can reduce risk.

Watch Now

Join the summit to explore critical threats to public cloud infrastructure, APIs, and identity systems through discussions, case studies, and insights into emerging technologies like AI and LLMs.

Register

People on the Move

Cloud security startup Upwind has appointed Rinki Sethi as Chief Security Officer.

SAP security firm SecurityBridge announced the appointment of Roman Schubiger as the company’s new CRO.

Cybersecurity training and simulations provider SimSpace has appointed Peter Lee as Chief Executive Officer.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.